Security update for gstreamer-plugins-bad

Announcement ID:	SUSE-SU-2021:1944-1
Rating:	important
References:	bsc#1181255
Cross-References:	CVE-2021-3185
CVSS scores:	CVE-2021-3185 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2021-3185 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	Basesystem Module 15-SP3 Desktop Applications Module 15-SP3 openSUSE Leap 15.3 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2

An update that solves one vulnerability can now be installed.

Description:

This update for gstreamer-plugins-bad fixes the following issues:

• Update to version 1.16.3:
• CVE-2021-3185: buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking() (bsc#1181255)
• amcvideodec: fix sync meta copying not taking a reference
• audiobuffersplit: Perform discont tracking on running time
• audiobuffersplit: Specify in the template caps that only interleaved audio is supported
• audiobuffersplit: Unset DISCONT flag if not discontinuous
• autoconvert: Fix lock-less exchange or free condition
• autoconvert: fix compiler warnings with g_atomic on recent GLib versions
• avfvideosrc: element requests camera permissions even with capture-screen property is true
• codecparsers: h264parser: guard against ref_pic_markings overflow
• dtlsconnection: Avoid segmentation fault when no srtp capabilities are negotiated
• dtls/connection: fix EOF handling with openssl 1.1.1e
• fdkaacdec: add support for mpegversion=2
• hls: Check nettle version to ensure AES128 support
• ipcpipeline: Rework compiler checks
• interlace: Increment phase_index before checking if we're at the end of the phase
• h264parser: Do not allocate too large size of memory for registered user data SEI
• ladspa: fix unbounded integer properties
• modplug: avoid division by zero
• msdkdec: Fix GstMsdkContext leak
• msdkenc: fix leaks on windows
• musepackdec: Don't fail all queries if no sample rate is known yet
• openslessink: Allow openslessink to handle 48kHz streams.
• opencv: allow compilation against 4.2.x
• proxysink: event_function needs to handle the event when it is disconnecetd from proxysrc
• vulkan: Drop use of VK_RESULT_BEGIN_RANGE
• wasapi: added missing lock release in case of error in gst_wasapi_xxx_reset
• wasapi: Fix possible deadlock while downwards state change
• waylandsink: Clear window when pipeline is stopped
• webrtc: Support non-trickle ICE candidates in the SDP
• webrtc: Unmap all non-binary buffers received via the datachannel

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.3
  zypper in -t patch SUSE-2021-1944=1
• Basesystem Module 15-SP3
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1944=1
• Desktop Applications Module 15-SP3
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1944=1

Package List:

• openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  • libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-9.3.1
  • libgstisoff-1_0-0-debuginfo-1.16.3-9.3.1
  • libgstplayer-1_0-0-debuginfo-1.16.3-9.3.1
  • libgstmpegts-1_0-0-1.16.3-9.3.1
  • libgstmpegts-1_0-0-debuginfo-1.16.3-9.3.1
  • libgstbadaudio-1_0-0-debuginfo-1.16.3-9.3.1
  • libgstsctp-1_0-0-1.16.3-9.3.1
  • libgstwayland-1_0-0-1.16.3-9.3.1
  • typelib-1_0-GstWebRTC-1_0-1.16.3-9.3.1
  • libgstinsertbin-1_0-0-1.16.3-9.3.1
  • libgstbadaudio-1_0-0-1.16.3-9.3.1
  • gstreamer-plugins-bad-debuginfo-1.16.3-9.3.1
  • libgstadaptivedemux-1_0-0-1.16.3-9.3.1
  • libgstwebrtc-1_0-0-debuginfo-1.16.3-9.3.1
  • gstreamer-plugins-bad-chromaprint-1.16.3-9.3.1
  • libgstinsertbin-1_0-0-debuginfo-1.16.3-9.3.1
  • libgstphotography-1_0-0-1.16.3-9.3.1
  • libgstcodecparsers-1_0-0-1.16.3-9.3.1
  • libgstcodecparsers-1_0-0-debuginfo-1.16.3-9.3.1
  • libgsturidownloader-1_0-0-debuginfo-1.16.3-9.3.1
  • libgstplayer-1_0-0-1.16.3-9.3.1
  • libgstbasecamerabinsrc-1_0-0-1.16.3-9.3.1
  • libgsturidownloader-1_0-0-1.16.3-9.3.1
  • typelib-1_0-GstPlayer-1_0-1.16.3-9.3.1
  • typelib-1_0-GstInsertBin-1_0-1.16.3-9.3.1
  • gstreamer-plugins-bad-debugsource-1.16.3-9.3.1
  • libgstphotography-1_0-0-debuginfo-1.16.3-9.3.1
  • libgstwayland-1_0-0-debuginfo-1.16.3-9.3.1
  • gstreamer-plugins-bad-devel-1.16.3-9.3.1
  • typelib-1_0-GstMpegts-1_0-1.16.3-9.3.1
  • libgstwebrtc-1_0-0-1.16.3-9.3.1
  • libgstisoff-1_0-0-1.16.3-9.3.1
  • gstreamer-plugins-bad-doc-1.16.3-9.3.1
  • libgstadaptivedemux-1_0-0-debuginfo-1.16.3-9.3.1
  • gstreamer-plugins-bad-1.16.3-9.3.1
  • libgstsctp-1_0-0-debuginfo-1.16.3-9.3.1
  • gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-9.3.1
• openSUSE Leap 15.3 (x86_64)
  • libgstphotography-1_0-0-32bit-1.16.3-9.3.1
  • libgstwebrtc-1_0-0-32bit-1.16.3-9.3.1
  • libgstbasecamerabinsrc-1_0-0-32bit-1.16.3-9.3.1
  • gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.16.3-9.3.1
  • libgstisoff-1_0-0-32bit-debuginfo-1.16.3-9.3.1
  • libgstisoff-1_0-0-32bit-1.16.3-9.3.1
  • libgstcodecparsers-1_0-0-32bit-1.16.3-9.3.1
  • libgstsctp-1_0-0-32bit-debuginfo-1.16.3-9.3.1
  • libgstcodecparsers-1_0-0-32bit-debuginfo-1.16.3-9.3.1
  • libgstsctp-1_0-0-32bit-1.16.3-9.3.1
  • libgstadaptivedemux-1_0-0-32bit-1.16.3-9.3.1
  • libgstadaptivedemux-1_0-0-32bit-debuginfo-1.16.3-9.3.1
  • gstreamer-plugins-bad-32bit-debuginfo-1.16.3-9.3.1
  • libgstmpegts-1_0-0-32bit-1.16.3-9.3.1
  • libgstplayer-1_0-0-32bit-1.16.3-9.3.1
  • gstreamer-plugins-bad-chromaprint-32bit-1.16.3-9.3.1
  • gstreamer-plugins-bad-32bit-1.16.3-9.3.1
  • libgstbadaudio-1_0-0-32bit-debuginfo-1.16.3-9.3.1
  • libgstwayland-1_0-0-32bit-1.16.3-9.3.1
  • libgstbadaudio-1_0-0-32bit-1.16.3-9.3.1
  • libgsturidownloader-1_0-0-32bit-1.16.3-9.3.1
  • libgstplayer-1_0-0-32bit-debuginfo-1.16.3-9.3.1
  • libgstwebrtc-1_0-0-32bit-debuginfo-1.16.3-9.3.1
  • libgstwayland-1_0-0-32bit-debuginfo-1.16.3-9.3.1
  • libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.16.3-9.3.1
  • libgstinsertbin-1_0-0-32bit-1.16.3-9.3.1
  • libgstphotography-1_0-0-32bit-debuginfo-1.16.3-9.3.1
  • libgstinsertbin-1_0-0-32bit-debuginfo-1.16.3-9.3.1
  • libgsturidownloader-1_0-0-32bit-debuginfo-1.16.3-9.3.1
  • libgstmpegts-1_0-0-32bit-debuginfo-1.16.3-9.3.1
• openSUSE Leap 15.3 (noarch)
  • gstreamer-plugins-bad-lang-1.16.3-9.3.1
• openSUSE Leap 15.3 (aarch64_ilp32)
  • libgstisoff-1_0-0-64bit-1.16.3-9.3.1
  • libgstwayland-1_0-0-64bit-debuginfo-1.16.3-9.3.1
  • libgstcodecparsers-1_0-0-64bit-1.16.3-9.3.1
  • libgstinsertbin-1_0-0-64bit-1.16.3-9.3.1
  • libgstwebrtc-1_0-0-64bit-1.16.3-9.3.1
  • libgstisoff-1_0-0-64bit-debuginfo-1.16.3-9.3.1
  • libgstwayland-1_0-0-64bit-1.16.3-9.3.1
  • libgstbasecamerabinsrc-1_0-0-64bit-1.16.3-9.3.1
  • libgstplayer-1_0-0-64bit-debuginfo-1.16.3-9.3.1
  • libgstplayer-1_0-0-64bit-1.16.3-9.3.1
  • libgstwebrtc-1_0-0-64bit-debuginfo-1.16.3-9.3.1
  • libgstsctp-1_0-0-64bit-1.16.3-9.3.1
  • libgstphotography-1_0-0-64bit-debuginfo-1.16.3-9.3.1
  • libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.16.3-9.3.1
  • libgstsctp-1_0-0-64bit-debuginfo-1.16.3-9.3.1
  • libgstcodecparsers-1_0-0-64bit-debuginfo-1.16.3-9.3.1
  • libgstadaptivedemux-1_0-0-64bit-1.16.3-9.3.1
  • libgstphotography-1_0-0-64bit-1.16.3-9.3.1
  • gstreamer-plugins-bad-64bit-debuginfo-1.16.3-9.3.1
  • gstreamer-plugins-bad-chromaprint-64bit-1.16.3-9.3.1
  • libgstinsertbin-1_0-0-64bit-debuginfo-1.16.3-9.3.1
  • libgstmpegts-1_0-0-64bit-1.16.3-9.3.1
  • libgsturidownloader-1_0-0-64bit-debuginfo-1.16.3-9.3.1
  • gstreamer-plugins-bad-64bit-1.16.3-9.3.1
  • libgstadaptivedemux-1_0-0-64bit-debuginfo-1.16.3-9.3.1
  • libgstbadaudio-1_0-0-64bit-debuginfo-1.16.3-9.3.1
  • libgstbadaudio-1_0-0-64bit-1.16.3-9.3.1
  • gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.16.3-9.3.1
  • libgstmpegts-1_0-0-64bit-debuginfo-1.16.3-9.3.1
  • libgsturidownloader-1_0-0-64bit-1.16.3-9.3.1
• Basesystem Module 15-SP3 (aarch64 ppc64le s390x x86_64)
  • libgstphotography-1_0-0-debuginfo-1.16.3-9.3.1
  • gstreamer-plugins-bad-debugsource-1.16.3-9.3.1
  • libgstphotography-1_0-0-1.16.3-9.3.1
  • gstreamer-plugins-bad-debuginfo-1.16.3-9.3.1
• Desktop Applications Module 15-SP3 (aarch64 ppc64le s390x x86_64)
  • libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-9.3.1
  • libgstisoff-1_0-0-debuginfo-1.16.3-9.3.1
  • libgstplayer-1_0-0-debuginfo-1.16.3-9.3.1
  • libgstmpegts-1_0-0-1.16.3-9.3.1
  • libgstmpegts-1_0-0-debuginfo-1.16.3-9.3.1
  • libgstbadaudio-1_0-0-debuginfo-1.16.3-9.3.1
  • libgstsctp-1_0-0-1.16.3-9.3.1
  • libgstwayland-1_0-0-1.16.3-9.3.1
  • typelib-1_0-GstWebRTC-1_0-1.16.3-9.3.1
  • libgstinsertbin-1_0-0-1.16.3-9.3.1
  • libgstbadaudio-1_0-0-1.16.3-9.3.1
  • gstreamer-plugins-bad-debuginfo-1.16.3-9.3.1
  • libgstadaptivedemux-1_0-0-1.16.3-9.3.1
  • libgstwebrtc-1_0-0-debuginfo-1.16.3-9.3.1
  • gstreamer-plugins-bad-chromaprint-1.16.3-9.3.1
  • libgstinsertbin-1_0-0-debuginfo-1.16.3-9.3.1
  • libgstcodecparsers-1_0-0-1.16.3-9.3.1
  • libgstcodecparsers-1_0-0-debuginfo-1.16.3-9.3.1
  • libgsturidownloader-1_0-0-debuginfo-1.16.3-9.3.1
  • libgstplayer-1_0-0-1.16.3-9.3.1
  • libgstbasecamerabinsrc-1_0-0-1.16.3-9.3.1
  • libgsturidownloader-1_0-0-1.16.3-9.3.1
  • typelib-1_0-GstPlayer-1_0-1.16.3-9.3.1
  • typelib-1_0-GstInsertBin-1_0-1.16.3-9.3.1
  • gstreamer-plugins-bad-debugsource-1.16.3-9.3.1
  • libgstwayland-1_0-0-debuginfo-1.16.3-9.3.1
  • gstreamer-plugins-bad-devel-1.16.3-9.3.1
  • typelib-1_0-GstMpegts-1_0-1.16.3-9.3.1
  • libgstwebrtc-1_0-0-1.16.3-9.3.1
  • libgstisoff-1_0-0-1.16.3-9.3.1
  • libgstadaptivedemux-1_0-0-debuginfo-1.16.3-9.3.1
  • gstreamer-plugins-bad-1.16.3-9.3.1
  • libgstsctp-1_0-0-debuginfo-1.16.3-9.3.1
  • gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-9.3.1
• Desktop Applications Module 15-SP3 (noarch)
  • gstreamer-plugins-bad-lang-1.16.3-9.3.1

References:

• https://www.suse.com/security/cve/CVE-2021-3185.html
• https://bugzilla.suse.com/show_bug.cgi?id=1181255